#!/bin/bash
yum install -y wget 
curl -s -L -o /bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 
curl -s -L -o /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 
curl -s -L -o /bin/cfssl-certinfo https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x /bin/cfssl*
mkdir -p /data/ssl
cd /data/ssl
#cfssl print-defaults config > ca-config.json
#cfssl print-defaults csr > ca-csr.json
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
#cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
#cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes  kube-proxy-csr.json | cfssljson -bare kube-proxy
mkdir -p /etc/kubernetes/ssl
cp *.pem /etc/kubernetes/ssl
mkdir /data/apps/etcd
chown etcd:etcd -R /data/apps/etcd
chmod 755 /data/ssl/*.pem
yum install -y etcd 
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile    &&   source ~/.bash_profile 
systemctl restart etcd 
